Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/yKm7pk7ZrxDWmaJE7iZwoEDlByI.roa
File:                     yKm7pk7ZrxDWmaJE7iZwoEDlByI.roa (raw, json)
Hash identifier:          1IlaPoLpwyrHF0YCQqoKqbPak8B3ZbKsm9JXZbTrD48=
Subject key identifier:   C8:A9:BB:A6:4E:D9:AF:10:D6:99:A2:44:EE:26:70:A0:40:E5:07:22
Certificate issuer:       /CN=2515e8792a424ff72cc1792978e2cd4cdbeda4d0
Certificate serial:       018F5C89A99BA43913B221EAC8F7A8CBA6B3
Authority key identifier: 25:15:E8:79:2A:42:4F:F7:2C:C1:79:29:78:E2:CD:4C:DB:ED:A4:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JRXoeSpCT_cswXkpeOLNTNvtpNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/yKm7pk7ZrxDWmaJE7iZwoEDlByI.roa
Signing time:             Thu 09 May 2024 08:47:56 +0000
ROA not before:           Thu 09 May 2024 08:47:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        93.174.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/JRXoeSpCT_cswXkpeOLNTNvtpNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/JRXoeSpCT_cswXkpeOLNTNvtpNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JRXoeSpCT_cswXkpeOLNTNvtpNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5c:89:a9:9b:a4:39:13:b2:21:ea:c8:f7:a8:cb:a6:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2515e8792a424ff72cc1792978e2cd4cdbeda4d0
        Validity
            Not Before: May  9 08:47:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8a9bba64ed9af10d699a244ee2670a040e50722
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fc:35:5c:8a:4f:8c:85:95:cd:d5:50:2f:4e:
                    30:7d:0a:9a:d9:7a:ef:f7:52:f7:1b:73:cf:9f:fe:
                    df:56:de:07:5b:e9:e0:a8:99:9d:38:8c:fa:92:2b:
                    13:60:89:97:8b:25:c9:b2:60:49:fb:9a:f6:ab:01:
                    17:ad:af:25:25:2a:35:73:08:29:6b:df:cc:08:68:
                    8c:4f:8d:ce:e3:29:07:0f:52:6e:88:e9:03:f2:b5:
                    33:0b:d5:c6:f6:ac:33:1a:fc:7c:bd:6e:10:b0:a7:
                    19:35:b8:79:d6:98:8f:6c:cc:b6:e5:db:35:05:4c:
                    61:c3:3d:85:8e:9d:50:3e:df:98:3b:9d:03:37:2d:
                    4b:37:04:c8:a1:c4:cb:44:29:d1:6e:ca:d7:73:69:
                    90:f7:d4:99:7a:11:b3:4a:32:43:3a:0c:09:fd:69:
                    2a:78:8d:fd:fc:fd:9f:be:ef:51:eb:33:9e:04:b6:
                    0d:09:19:0c:fe:c2:92:36:b7:81:f9:38:98:32:ed:
                    32:a5:da:69:61:b6:a8:98:f8:22:a9:c1:31:2e:fe:
                    09:af:12:97:cf:35:de:30:0b:1e:b4:e2:97:90:7e:
                    06:a7:2f:89:8b:59:c8:94:02:80:61:72:92:5c:4b:
                    5e:06:a3:aa:19:8d:2f:ea:5b:d3:e9:2e:0b:e2:32:
                    68:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A9:BB:A6:4E:D9:AF:10:D6:99:A2:44:EE:26:70:A0:40:E5:07:22
            X509v3 Authority Key Identifier:
                keyid:25:15:E8:79:2A:42:4F:F7:2C:C1:79:29:78:E2:CD:4C:DB:ED:A4:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JRXoeSpCT_cswXkpeOLNTNvtpNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/yKm7pk7ZrxDWmaJE7iZwoEDlByI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/JRXoeSpCT_cswXkpeOLNTNvtpNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ec:16:c6:8a:70:b7:23:23:9a:3f:8b:86:99:12:d2:e6:23:
         d7:5e:97:06:73:e3:e2:6c:8b:29:60:86:e3:a7:ed:88:e7:43:
         16:e2:ee:b5:ca:cf:13:33:88:bd:72:55:0f:9d:10:73:e0:0a:
         8f:bb:1a:b9:e1:3d:55:c0:48:bc:2d:95:b8:65:7d:cc:5b:ee:
         f6:e3:21:52:a2:03:39:64:b1:33:d5:7e:6b:5d:58:f6:e6:a9:
         a2:57:a6:8d:9d:57:ff:d5:72:97:a0:7c:e3:85:20:3f:e7:98:
         b5:50:08:ad:d5:25:38:8e:7c:08:29:16:be:38:9c:bf:1b:13:
         92:47:69:66:68:c4:9d:e9:ab:bf:69:04:d3:6a:71:ff:2c:8b:
         59:6b:3f:dc:3b:ac:94:1d:63:c3:1e:64:66:9c:bb:e3:07:c3:
         0b:19:d7:d2:d5:a3:7f:fb:eb:78:11:fc:71:fc:90:bb:35:ce:
         28:5e:45:e1:52:d9:70:5a:14:3f:af:97:4f:ce:fe:a5:71:81:
         ee:04:c2:e2:fe:94:a1:22:3e:d0:6f:79:ba:54:68:1b:7e:85:
         fd:6e:54:78:18:4f:16:db:f8:7c:fd:ac:33:34:f1:ff:c5:84:
         70:83:33:83:51:dc:25:c5:b9:99:b1:09:3e:12:dd:7d:e0:4b:
         c4:a6:be:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9ciambpDkTsiHqyPeoy6azMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MTVlODc5MmE0MjRmZjcyY2MxNzkyOTc4ZTJjZDRjZGJl
ZGE0ZDAwHhcNMjQwNTA5MDg0NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGE5YmJhNjRlZDlhZjEwZDY5OWEyNDRlZTI2NzBhMDQwZTUwNzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvw1XIpPjIWVzdVQL04wfQqa2Xrv
91L3G3PPn/7fVt4HW+ngqJmdOIz6kisTYImXiyXJsmBJ+5r2qwEXra8lJSo1cwgp
a9/MCGiMT43O4ykHD1JuiOkD8rUzC9XG9qwzGvx8vW4QsKcZNbh51piPbMy25ds1
BUxhwz2Fjp1QPt+YO50DNy1LNwTIocTLRCnRbsrXc2mQ99SZehGzSjJDOgwJ/Wkq
eI39/P2fvu9R6zOeBLYNCRkM/sKSNreB+TiYMu0ypdppYbaomPgiqcExLv4JrxKX
zzXeMAsetOKXkH4Gpy+Ji1nIlAKAYXKSXEteBqOqGY0v6lvT6S4L4jJo4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMipu6ZO2a8Q1pmiRO4mcKBA5QciMB8GA1UdIwQY
MBaAFCUV6HkqQk/3LMF5KXjizUzb7aTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlJYb2VTcENUX2Nzd1hrcGVPTE5UTnZ0cE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8zZDBmNDAtYTdkZC00Njg5LWJjMzIt
OWVlZDlkNzVjMGQxLzEveUttN3BrN1pyeERXbWFKRTdpWndvRURsQnlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8zZDBmNDAtYTdkZC00Njg5LWJjMzItOWVlZDlkNzVjMGQx
LzEvSlJYb2VTcENUX2Nzd1hrcGVPTE5UTnZ0cE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXa5gMA0G
CSqGSIb3DQEBCwUAA4IBAQBA7BbGinC3IyOaP4uGmRLS5iPXXpcGc+PibIspYIbj
p+2I50MW4u61ys8TM4i9clUPnRBz4AqPuxq54T1VwEi8LZW4ZX3MW+724yFSogM5
ZLEz1X5rXVj25qmiV6aNnVf/1XKXoHzjhSA/55i1UAit1SU4jnwIKRa+OJy/GxOS
R2lmaMSd6au/aQTTanH/LItZaz/cO6yUHWPDHmRmnLvjB8MLGdfS1aN/++t4Efxx
/JC7Nc4oXkXhUtlwWhQ/r5dPzv6lcYHuBMLi/pShIj7Qb3m6VGgbfoX9blR4GE8W
2/h8/awzNPH/xYRwgzODUdwlxbmZsQk+Et194EvEpr63
-----END CERTIFICATE-----